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DETAILED ACTION 

1 . This Office Action is responsive to tine Amendment filed 2/25/2008. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-3, 7-11, 18-19, and 21-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wootton et al. (US 6128298) hereafter Wootton in view of Civanlar et 
al. (US 5805805), hereafter Civanlar. 

Regarding claims 1 and 7-8, Wootton discloses: 

A gateway network element (Fig. 1 , IP Filter 12) that provides access to 
network elements (Fig. 1,18) that are not directly reachable, comprising: 

a processor that is directed by code; (the IP filter must have a processor 
directed by code.) 

code that receives and sends packets over a first IP based interface to a 
first network; (Fig. 1, interface 18 on IP filter 12) 

code that receives and sends packets over a second IP based interface to 
a second network, (Fig. 1 interface 20 in IP filter 12) wherein IP addresses of 
network elements in the second network are not visible to network elements in 
the first network; (Col. 5 lines 9-12 disclose that the IP addresses of the private 
network elements are not known in the public network) 
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A first set of filtering rules that are applied to packets coming in over the 
first IP interface that specify acceptable destination addresses and code that 
accepts packets received over the first IP based interface if the destination 
address specifies the gateway network element, a subnet broadcast address or a 
multicast address. (Col. 5 lines 16-20 state that all incoming traffic from the public 
network to the private network addresses the IP filter, thus it accepts packets on 
the public interface that specify the destination as the IP filter.) 
Wootton discloses all the limitations of claims 1-3 and 7-10 except for filtering 

packets out that arrive on the second interface which indicate the gateway as the 

source. 

The general concept of filtering out packets that indicate that the packet 
originated at the network element doing the filtering is well known in the art as taught by 
Civanlar. (Col. 12 lines 55-58 teach dropping packets that originated from the network 
element.) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine Wootton with the general concept of filtering out packets that 

indicate that the packet originated at the network element doing the filtering as taught by 
Civanlar in order to decrease network traffic by removing duplicate packets from the 
network. 

Wootton and Civanlar teach all the limitations of claims 5-6 and 13-14 except for 
the first network being a DCN and the second network being a DCC. 
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The general concept of using a gateway for address translation and security (I.e. 
the system of Wootton and Sivanlar) between a DCN and DCC is well known in the art 
as taught by Semaan. (Fig. 1 teaches a DCN and DCC coupled with a gateway 
element. The GNE performs address translation and security between the IP DCC 105 
and the IPADCN 104.) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Wootton and Civanlar to be used in the network taught by Semaan 
in order to further increase security between the DCC network and the DCN. 

Wootton, Civanlar, and Semaan teach all the limitations of claims 1, and 7-8 
except for accepting packets from the private network that are addressed as being 
destined to the gateway (i.e. the second set of filtering rules for the second interface). 

The general concept of a firewall, filter or gateway accepting packets destined to 
it from the private network is well known in the art as taught by Vu. (Col. 8 lines 38-50 
teach a gateway accepting packets from the private network that are addressed as 
being destined for the gateway.) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Wootton, Civanlar, and Semaan with the general concept of a 
firewall, filter or gateway accepting packets destined to it from the private network as 
taught by Vu in order to allow the use of a UNIX device as the IP filter. 

Regarding claims 2 and 9 as applied to claims 1 and 8, Wootton discloses: 
code that sends packets over the first IP based interface only when the 

packets specify the gateway network element as the source. (Col. 5 lines 37-55 
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disclose that packets destined for the public network (i.e. the first interface) have 
the private IP address information removed from the packet so that the packet 
appears to have come from the filter.) 

Regarding claim 11 as applied to claim 8, Vu teaches: accepting packets from 
the private network that are addressed as being destined to the gateway. (Col. 8 
lines 38-50 teach a gateway accepting packets from the private network that are 
addressed as being destined for the gateway.) 

Claim 18 is the combination of claims 10 and 11 which are rejected above. 

Similiar reasonings apply to this claim. 

Claim 19 recites third and fourth filtering rules, which have already been rejected 
as part of claim 1 . Nothing distinguishes the rules claimed in the third and fourth 
set from the rules used to reject the first and second set, therefore, similar 
rejections apply to claim 19 as claim 1 . 

Claim 22, the IP filter contains code that filters the packets based on the 
interface and whether the destination address specifies the gateway network 
element, (as stated above, the limitation that filters by destination address as the 
gateway network element is disclosed and/or taught above. Further, the packets 
are treated differently (categorized) based off of the interface that they arrive on, 
as disclosed in at least the abstract of Wootton (the ip filter effects a translation 
between a source port number and a destination port number, therefore in order 
to make a correct translation the IP filter must know which interface the packet 
arrived on in order to make a proper translation.)) 
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Claim 23, the first network in Wootton is a WAN, and the second network is a 
LAN, as cited above. 

3. Claims 4, 12, and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Wootton, Civanlar, Semaan, and Vu as applied to claims 1 and 8 above, and 
further In view of Daude et al. (US 6892235), hereafter Daude. 

Wootton and Civanlar teach all the limitations of claims 4 and 12 except for the 
use of a proxy server in the gateway (firewall/filter). 

The general concept of using a SOCKS proxy server within a firewall, packet 
filter, or gateway Is well known In the art as taught by Daude. (Col. 3 lines 51-64 teach 
the use of a SOCKS proxy server within a firewall.) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Wootton and Civanlar with the general concept of using a SOCKS 
proxy server within a firewall, packet filter, or gateway as taught by Daude in order to 
allow users of the private network better access to Internet services. 

4. Claim 20 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wootton, Civanlar, Semaan and Vu as applied to claim 1 above, and further in view of 
WIttman (US 2005/0169282). 

Wootton, Civanlar, Semaan and Vu teach all the limitations of claim 20 except for 
filtering packets by type and port. 

The general concept of a gateway or firewall filtering packets by type and port is 
well known in the art as taught by Wittman. (See [0022]) 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Wootton, Civanlar, Semaan and Vu with the general concept 
of a gateway or firewall filtering packets by type and port as taught by Wittman in 
order to permit the administrator to have more information with which to tailor 
filtering rules. 

Response to Arguments 

5. Applicant's arguments with respect to claims 1-3, 7-12, and 18-23 have been 
considered but are moot in view of the new ground(s) of rejection. The Examiner notes 
that in the above rejections explanations have been provided as to how the references 
of record map to the newly amended and added claims. Should the Applicant wish to 
discuss the rejections of record and/or amendments that may overcome the art of 
record the Examiner invites the Applicant to schedule an interview. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL E. KEEPER whose telephone number is 
(571 )270-1591 . The examiner can normally be reached on Monday through Friday 
9am-5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nathan Flynn can be reached on (571) 272-1915. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



MEK 6/20/2008 
/Joseph E. Avellino/ 
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